Securing System Payloads

Tyk, when first installed, does not insist on signing any cluster messages or middleware bundles. However, if you are moving to production, or thinking of enabling the Dashboard configuration feature, it is strongly recommended to enable payload signatures.

Payload signatures can be enabled in your tyk.conf by setting allow_insecure_configs to false and then setting up a public / private keypair with:

Then add the path to the public key to your tyk.conf under public_key_path. This same key is also used for middleware bundle signature validation.

Make sure to keep your private key safe, and transfer it to your Dashboard instance. In your tyk_analytics.conf file, you must set the private_key_path field to the full path of the private key. This will allow your Dashboard to sign all of its payloads using the private key.
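
Once both files are edited, the settings described above can be checked before a rollout. The following is an added example, not part of Tyk or its documentation: it takes each config already parsed into a dict, and it assumes the three keys sit at the top level of tyk.conf and tyk_analytics.conf; the function names and the file-permission rule are choices made here.

```python
import os
import stat
import tempfile

def audit_gateway(conf):
    """Return findings for a parsed tyk.conf (dict)."""
    findings = []
    # Assumption: anything other than an explicit false counts as unhardened.
    if conf.get("allow_insecure_configs") is not False:
        findings.append("allow_insecure_configs is not false")
    path = conf.get("public_key_path") or ""
    if not path:
        findings.append("public_key_path is not set")
    elif not os.path.isfile(path):
        findings.append("public_key_path does not exist")
    else:
        # Catch the gateway being pointed at the private half of the keypair.
        with open(path, errors="replace") as fh:
            if "PRIVATE KEY" in fh.read():
                findings.append("public_key_path points at a private key")
    return findings

def audit_dashboard(conf):
    """Return findings for a parsed tyk_analytics.conf (dict)."""
    findings = []
    path = conf.get("private_key_path") or ""
    if not os.path.isabs(path):
        findings.append("private_key_path is not a full path")
    elif not os.path.isfile(path):
        findings.append("private_key_path does not exist")
    elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("private key is accessible to group or others")
    return findings

def demo():
    """Audit a constructed, deliberately weak pair of configs."""
    d = tempfile.mkdtemp()
    priv = os.path.join(d, "privkey.pem")
    with open(priv, "w") as fh:  # constructed placeholder, not a real key
        fh.write("-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n")
    os.chmod(priv, 0o644)
    gateway = {"allow_insecure_configs": True, "public_key_path": priv}
    dashboard = {"private_key_path": priv}
    return audit_gateway(gateway) + audit_dashboard(dashboard)

if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

An empty list from both functions means the settings match what this page describes; it does not prove that the public key on the gateway belongs to the private key on the Dashboard.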
